linux/kernel/trace
Alexei Starovoitov 2541517c32 tracing, perf: Implement BPF programs attached to kprobes
BPF programs, attached to kprobes, provide a safe way to execute
user-defined BPF byte-code programs without being able to crash or
hang the kernel in any way. The BPF engine makes sure that such
programs have a finite execution time and that they cannot break
out of their sandbox.

The user interface is to attach to a kprobe via the perf syscall:

	struct perf_event_attr attr = {
		.type	= PERF_TYPE_TRACEPOINT,
		.config	= event_id,
		...
	};

	event_fd = perf_event_open(&attr,...);
	ioctl(event_fd, PERF_EVENT_IOC_SET_BPF, prog_fd);

'prog_fd' is a file descriptor associated with BPF program
previously loaded.

'event_id' is an ID of the kprobe created.

Closing 'event_fd':

	close(event_fd);

... automatically detaches BPF program from it.

BPF programs can call in-kernel helper functions to:

  - lookup/update/delete elements in maps

  - probe_read - wraper of probe_kernel_read() used to access any
    kernel data structures

BPF programs receive 'struct pt_regs *' as an input ('struct pt_regs' is
architecture dependent) and return 0 to ignore the event and 1 to store
kprobe event into the ring buffer.

Note, kprobes are a fundamentally _not_ a stable kernel ABI,
so BPF programs attached to kprobes must be recompiled for
every kernel version and user must supply correct LINUX_VERSION_CODE
in attr.kern_version during bpf_prog_load() call.

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1427312966-8434-4-git-send-email-ast@plumgrid.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-04-02 13:25:49 +02:00
..
Kconfig tracing: Remove function_trace_stop and HAVE_FUNCTION_TRACE_MCOUNT_TEST 2014-07-18 13:58:12 -04:00
Makefile tracing, perf: Implement BPF programs attached to kprobes 2015-04-02 13:25:49 +02:00
blktrace.c Merge branch 'for-3.19/core' of git://git.kernel.dk/linux-block 2014-12-13 14:14:23 -08:00
bpf_trace.c tracing, perf: Implement BPF programs attached to kprobes 2015-04-02 13:25:49 +02:00
ftrace.c ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled 2015-03-09 10:55:34 -04:00
power-traces.c PM / sleep: export suspend_resume trace event 2015-01-30 02:10:41 +01:00
ring_buffer.c ring-buffer: Do not wake up a splice waiter when page is not full 2015-02-11 07:41:42 -05:00
ring_buffer_benchmark.c trace: Use 64-bit timekeeping 2015-01-28 11:02:05 -05:00
rpm-traces.c PM / Runtime: Introduce trace points for tracing rpm_* functions 2011-09-27 22:53:27 +02:00
trace.c tracing: use %*pb[l] to print bitmaps including cpumasks and nodemasks 2015-02-13 21:21:37 -08:00
trace.h tracing: Make tracing_init_dentry_tr() static 2015-02-02 10:22:23 -05:00
trace_benchmark.c tracing: Only calculate stats of tracepoint benchmarks for 2^32 times 2014-06-06 00:41:38 -04:00
trace_benchmark.h tracing: Add tracepoint benchmark tracepoint 2014-05-29 22:49:54 -04:00
trace_branch.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_clock.c tracing: Fix wraparound problems in "uptime" trace clock 2014-07-21 09:56:12 -04:00
trace_entries.h tracing: Add trace_puts() for even faster trace_printk() tracing 2013-03-15 00:35:55 -04:00
trace_event_perf.c perf: Avoid horrible stack usage 2015-01-14 15:11:45 +01:00
trace_events.c The updates included in this pull request for ftrace are: 2015-02-12 08:37:41 -08:00
trace_events_filter.c tracing: Allow NOT to filter AND and OR clauses 2014-12-03 10:00:27 -05:00
trace_events_filter_test.h tracing/filter: Add startup tests for events filter 2011-08-19 14:35:59 -04:00
trace_events_trigger.c trace: Replace single-character seq_puts with seq_putc 2014-11-14 07:55:55 -05:00
trace_export.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_functions.c tracing/trivial: Fix typos and make an int into a bool 2014-11-20 10:05:36 -05:00
trace_functions_graph.c tracing: Use IS_ERR() check for return value of tracing_init_dentry() 2015-01-22 11:19:49 -05:00
trace_irqsoff.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_kdb.c KGDB/KDB fixes and cleanups 2015-01-09 20:51:10 -08:00
trace_kprobe.c tracing, perf: Implement BPF programs attached to kprobes 2015-04-02 13:25:49 +02:00
trace_mmiotrace.c tracing: Do not check return values of trace_seq_p*() for mmio tracer 2014-11-19 15:25:44 -05:00
trace_nop.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_output.c tracing: Add array printing helper 2015-01-28 10:34:47 -05:00
trace_output.h tracing: Add trace_seq_has_overflowed() and trace_handle_return() 2014-11-19 15:25:39 -05:00
trace_printk.c tracing: Use IS_ERR() check for return value of tracing_init_dentry() 2015-01-22 11:19:49 -05:00
trace_probe.c tracing/probes: Do not use return value of trace_seq_printf() 2014-11-19 15:25:44 -05:00
trace_probe.h kprobes, ftrace: Use NOKPROBE_SYMBOL macro in ftrace 2014-04-24 10:26:39 +02:00
trace_sched_switch.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_sched_wakeup.c tracing: Remove unneeded includes of debugfs.h and fs.h 2015-01-22 11:19:48 -05:00
trace_selftest.c Seems that Peter Zijlstra added a new check that is making old 2014-10-12 07:28:55 -04:00
trace_selftest_dynamic.c ftrace: Add self-tests for multiple function trace users 2011-05-18 19:24:51 -04:00
trace_seq.c tracing: use %*pb[l] to print bitmaps including cpumasks and nodemasks 2015-02-13 21:21:37 -08:00
trace_stack.c tracing: Use IS_ERR() check for return value of tracing_init_dentry() 2015-01-22 11:19:49 -05:00
trace_stat.c tracing: Use IS_ERR() check for return value of tracing_init_dentry() 2015-01-22 11:19:49 -05:00
trace_stat.h
trace_syscalls.c perf: Avoid horrible stack usage 2015-01-14 15:11:45 +01:00
trace_uprobe.c Merge branch 'perf/x86' into perf/core, because it's ready 2015-03-27 09:46:19 +01:00